pka
-
Compteur de contenus
14 -
Inscription
-
Dernière visite
pka's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
c'est peut-être cela que vous attendiez ? Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.01.29 - AhnLab-V3 5.0.0.2 2009.01.29 - AntiVir 7.9.0.60 2009.01.29 APPL/KillApplicat.A Authentium 5.1.0.4 2009.01.28 - Avast 4.8.1281.0 2009.01.28 - AVG 8.0.0.229 2009.01.29 HackTool.BVU BitDefender 7.2 2009.01.29 - CAT-QuickHeal 10.00 2009.01.29 - ClamAV 0.94.1 2009.01.29 PUA.Tool.KillWind Comodo 952 2009.01.29 - DrWeb 4.44.0.09170 2009.01.29 Trojan.KillApp.30208 eSafe 7.0.17.0 2009.01.28 - eTrust-Vet 31.6.6334 2009.01.29 - F-Prot 4.4.4.56 2009.01.28 - F-Secure 8.0.14470.0 2009.01.29 - Fortinet 3.117.0.0 2009.01.29 HackerTool/Killapp GData 19 2009.01.29 - Ikarus T3.1.1.45.0 2009.01.29 - K7AntiVirus 7.10.608 2009.01.28 Trojan.Win32.Malware.1 Kaspersky 7.0.0.125 2009.01.29 - McAfee 5509 2009.01.28 potentially unwanted program KillApp McAfee+Artemis 5509 2009.01.28 potentially unwanted program KillApp Microsoft 1.4205 2009.01.29 - NOD32 3810 2009.01.29 - Norman 6.00.02 2009.01.28 - nProtect 2009.1.8.0 2009.01.29 Trojan/W32.Killapp.30208 Panda 9.5.1.2 2009.01.28 Application/KillApp.A PCTools 4.4.2.0 2009.01.28 - Prevx1 V2 2009.01.29 Malicious Software Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.29 Riskware.KillApplicat.A Sophos 4.38.0 2009.01.29 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.01.29 - TheHacker 6.3.1.5.231 2009.01.29 Aplicacion/Riskware.Tool.KillApp TrendMicro 8.700.0.1004 2009.01.29 - VBA32 3.12.8.11 2009.01.29 Trojan.KillApp.30208 ViRobot 2009.1.29.1580 2009.01.29 Toolkit.Win32.KillApp.30208 VirusBuster 4.5.11.0 2009.01.28 - Information additionnelle File size: 30208 bytes MD5...: 9ac7c5e54115bf58c1064ccbb9e23a71 SHA1..: b346d255c1b9bec0840d302e9c3f36b0334bb991 SHA256: 3d3afdefc331c861d2f133e0c0cd6fe1f5c224c3fa3a1216e65996f146e21780 SHA512: 12171bce25bfd27f80fe4bcfcacae2e55a7c55f3520ee6a3eb28dcf081e9ebf7 3eae5727f8fbe3ea8fee92b870039cea1241b8b9fca51d8ea206baad2b93cc4b ssdeep: 384:AnM8L9cLzD9TOa5fHSre6m+quLzTDzNCExptsf:V3pt6euLzTDzNNxpKf PEiD..: InstallShield 2000 TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1830 timedatestamp.....: 0x3797b42e (Fri Jul 23 00:15:42 1999) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x3110 0x3200 6.44 00035d9a6aa085912d855eab8589796a .rdata 0x5000 0x822 0xa00 4.61 7e78fd3054f78e299895277ec590f4cb .data 0x6000 0x2d38 0x2a00 1.19 0f43e2da4fcc51f48147115e30c37496 .rsrc 0x9000 0xad8 0xc00 3.05 a31688f012c87d85b451abd1d455679f ( 2 imports ) > KERNEL32.dll: FreeEnvironmentStringsA, OpenProcess, Sleep, GetModuleFileNameA, CloseHandle, Process32Next, Process32First, CreateToolhelp32Snapshot, WideCharToMultiByte, GetEnvironmentStringsW, LoadLibraryA, GetProcAddress, LCMapStringW, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapAlloc, HeapFree, GetCurrentProcess, UnhandledExceptionFilter, TerminateProcess, MultiByteToWideChar, FreeEnvironmentStringsW, GetEnvironmentStrings, LCMapStringA, HeapDestroy, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStdHandle, GetFileType, HeapCreate, VirtualFree, RtlUnwind, WriteFile, VirtualAlloc, GetStringTypeA, GetStringTypeW > USER32.dll: wsprintfA, FindWindowA, MessageBoxA, GetWindowThreadProcessId ( 0 exports ) Prevx info: http://info.prevx.com/aboutprogramtext.asp...325AE00BC131E5F CWSandbox info: http://research.sunbelt-software.com/partn...1064ccbb9e23a71
-
la réponse de virustotal : MD5: 9ac7c5e54115bf58c1064ccbb9e23a71 First received: 2006.07.11 16:14:58 (CET) Date 2009.01.29 12:07:08 (CET) [>34D] Résultats 15/39 Permalink: analisis/a0e476f6e64f9cdbc789fb8c16aacc20
-
Voilà le rapport après le nettoyage : SmitFraudFix v2.398 Rapport fait à 20:55:49,71, 03/03/2009 Executé à partir de C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau\Raccourcis Bureau non utilisés\SECURITE ZEBULON\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com ... »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin je n'ai pas eu le message corriger le fichier infecté, pour le fichier wininet.dll, il n'est peut être pas infecté ?
-
Bonsoir, j'ai fais une mise à jour de windows sp2, le pare feu fonctionne, je n'ai plus de ports ouverts, peut-être qu'il faudrait un pare feu plus efficace ? Voici le rapport de smitfraudfix: SmitFraudFix v2.398 Rapport fait à 20:47:09,78, 03/03/2009 Executé à partir de C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau\Raccourcis Bureau non utilisés\SECURITE ZEBULON\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer\Programmes\Démarrage\Calc.exe c:\Program Files\Microsoft Works\MSWorks.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts Fichier hosts corrompu ! 127.0.0.1 www.legal-at-spybot.info 127.0.0.1 legal-at-spybot.info 127.0.0.1 www.spywareinfo.com 127.0.0.1 spywareinfo.com »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000 »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.000\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.000\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: WAN (PPP/SLIP) Interface DNS Server Search Order: 81.253.149.9 DNS Server Search Order: 80.10.246.132 HKLM\SYSTEM\CCS\Services\Tcpip\..\{86DD5CC7-1D75-4A4F-B8AB-661D280F5383}: NameServer=81.253.149.9 80.10.246.132 HKLM\SYSTEM\CS1\Services\Tcpip\..\{86DD5CC7-1D75-4A4F-B8AB-661D280F5383}: NameServer=81.253.149.9 80.10.246.132 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Je vais tenter l'option 2 : le nettoyage.
-
Bonsoir, j'ai fait un scan avec panda : mon pc est infecté à croire qu'antivir ne sert à rien. Panda propose une petite désinfection gratuite pour le rapport qui suit ;******************************************************************************* ********************************************************************************* ******************* ANALYSIS: 2009-03-02 21:55:57 PROTECTIONS: 0 MALWARE: 25 SUSPECTS: 0 ;******************************************************************************* ********************************************************************************* ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00024343 adware/keenvalue Adware No 0 Yes No c:\windows\system32\drivers\etc\hosts.bho 00035328 Application/KillApp.A HackTools No 0 Yes No C:\hp\bin\Terminator.exe 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@doubleclick[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@atdmt[1].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@tradedoubler[1].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@tradedoubler[1].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@tradedoubler[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@247realmedia[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@247realmedia[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@247realmedia[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@247realmedia[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@fastclick[1].txt 00145754 Cookie/Incredifind TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@incredifind[1].txt 00145754 Cookie/Incredifind TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@incredifind[1].txt 00147816 Cookie/Beweb TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@beweb[2].txt 00147816 Cookie/Beweb TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@beweb[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@com[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@xiti[2].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Cookies\propriétaire@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@xiti[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Cookies\proprié[email protected][1].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@weborama[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Cookies\propriétaire@weborama[1].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@weborama[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@weborama[2].txt 00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@weborama[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@adtech[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@adtech[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@adtech[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@adtech[1].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\proprié[email protected][2].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\proprié[email protected][2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Local Settings\Temp\Cookies\propriétaire@overture[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@overture[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@realmedia[2].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@metriweb[2].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@metriweb[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire\Cookies\propriétaire@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\propriétaire@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@bluestreak[1].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Cookies\propriétaire@smartadserver[2].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Cookies\propriétaire@smartadserver[2].txt 00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau\ComboFix.exe[32788R22FWJFW\List.bat] 00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{DC728D2A-F789-45D0-A904-D810A757CF8D}\RP27\A0010553.bat 01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll 01162707 HackTool/KillProcWin.A HackTools No 0 No No C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat[simple_killw.exe] 02219087 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Aphex.exe 02990320 Application/BoontyGames HackTools No 0 Yes No C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location =B\39\ ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description =B\39\ ;=============================================================================== ================================================================================= =================== 133387 MEDIUM MS06-065 =B\39\ 133386 MEDIUM MS06-064 =B\39\ 133385 MEDIUM MS06-063 =B\39\ 133379 HIGH MS06-057 =B\39\ 131654 HIGH MS06-055 =B\39\ 129977 MEDIUM MS06-053 =B\39\ 129976 MEDIUM MS06-052 =B\39\ 126093 HIGH MS06-051 =B\39\ 126092 MEDIUM MS06-050 =B\39\ 126087 HIGH MS06-046 =B\39\ 126086 MEDIUM MS06-045 =B\39\ 126083 HIGH MS06-042 =B\39\ 126082 HIGH MS06-041 =B\39\ 126081 HIGH MS06-040 =B\39\ 123421 HIGH MS06-036 =B\39\ 123420 HIGH MS06-035 =B\39\ 120825 MEDIUM MS06-032 =B\39\ 120823 MEDIUM MS06-030 =B\39\ 120818 HIGH MS06-025 =B\39\ 120815 HIGH MS06-022 =B\39\ 120814 HIGH MS06-021 =B\39\ 117384 MEDIUM MS06-018 =B\39\ 114666 HIGH MS06-015 =B\39\ 114664 HIGH MS06-013 =B\39\ 111790 MEDIUM MS06-011 =B\39\ 108744 MEDIUM MS06-008 =B\39\ 108743 MEDIUM MS06-007 =B\39\ 108742 MEDIUM MS06-006 =B\39\ 104567 HIGH MS06-002 =B\39\ 104237 HIGH MS06-001 =B\39\ 101055 HIGH MS05-054 =B\39\ 96574 HIGH MS05-053 =B\39\ 93396 HIGH MS05-052 =B\39\ 93395 HIGH MS05-051 =B\39\ 93394 HIGH MS05-050 =B\39\ 93454 MEDIUM MS05-049 =B\39\ ;=============================================================================== ================================================================================= =================== Et pour les plus dangereux, une désinfection payante.
-
Apparemment pour kaspersky, il faut windows pack2, mon pc a le 1.
-
Je ne sais pas si je dois continuer car un message concernant regrenew est apparu.
-
voilà le rapport de combofix ComboFix 09-02-28.01 - Propriétaire 2009-03-01 16:34:17.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.1.1252.1.1036.18.255.120 [GMT 1:00] Lancé depuis: c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\patch.exe c:\windows\system\oeminfo.ini c:\windows\system32\datkkq32.dll c:\windows\system32\ftpupd.exe c:\windows\system32\iAlmcoin.dll c:\windows\system32\wins\svchost.exe D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-01 au 2009-03-01 )))))))))))))))))))))))))))))))))))) . 2009-02-28 17:43 . 2009-02-28 17:43 <REP> d-------- c:\program files\Nobilis 2009-02-28 16:48 . 2009-02-28 16:48 <REP> d-------- C:\_OTMoveIt 2009-02-28 14:31 . 2009-02-28 14:31 <REP> d-------- C:\rsit 2009-02-27 21:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-27 21:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-27 21:11 . 2009-02-27 21:11 13,753 --a------ c:\windows\is-FPM8I.msg 2009-02-27 21:11 . 2009-02-27 21:11 433 --a------ c:\windows\is-FPM8I.lst 2009-02-26 19:26 . 2009-02-26 19:26 <REP> d-------- c:\program files\Avira 2009-02-26 19:26 . 2009-02-26 19:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-26 11:49 . 2009-02-26 11:49 <REP> d-------- C:\ToolBar SD 2009-02-15 13:11 . 2009-02-15 13:11 <REP> d-------- C:\DriveKey 2009-02-14 15:47 . 2009-02-14 15:47 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Shareaza 2009-02-14 15:17 . 2009-02-14 15:17 <REP> d-------- c:\windows\LastGood 2009-02-14 14:44 . 2009-02-14 14:44 <REP> d-------- c:\program files\Duplicate Cleaner 2009-02-14 14:44 . 2007-09-24 11:04 675,840 --a------ c:\windows\system32\AudioGenie24.ocx 2009-02-13 23:08 . 2009-02-13 23:08 <REP> d-------- c:\documents and settings\All Users\Application Data\MailFrontier 2009-02-13 23:08 . 2009-02-13 23:11 4,212 ---h----- c:\windows\system32\zllictbl.dat 2009-02-13 23:06 . 2009-02-14 09:56 <REP> d-------- c:\windows\system32\ZoneLabs 2009-02-13 23:05 . 2009-02-14 09:56 <REP> d-------- c:\windows\Internet Logs 2009-02-13 21:49 . 2009-02-28 08:12 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-13 21:49 . 2009-02-13 21:49 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Malwarebytes 2009-02-13 21:49 . 2009-02-13 21:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-13 21:30 . 2009-02-13 21:30 <REP> d-------- c:\program files\Trend Micro 2009-02-13 21:23 . 2003-03-09 21:31 561,152 -ra------ c:\windows\system32\hpotscl.dll 2009-02-13 21:23 . 2003-03-09 21:31 274,432 -ra------ c:\windows\system32\hpgwiamd.dll 2009-02-13 21:23 . 2003-03-09 21:30 237,568 -ra------ c:\windows\system32\HPZc3212.dll 2009-02-13 21:23 . 2003-03-09 21:31 81,920 -ra------ c:\windows\system32\hpovst08.dll 2009-02-13 21:23 . 2002-08-29 01:48 14,208 --a------ c:\windows\system32\drivers\usbscan.sys 2009-02-13 21:23 . 2002-08-29 01:48 14,208 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-02-13 20:35 . 2009-02-13 21:24 <REP> d-------- c:\windows\LastGood.Tmp 2009-02-12 13:30 . 2009-02-12 13:30 <REP> d-------- C:\WUTemp 2009-02-12 13:30 . 2003-08-25 18:06 182,880 --a------ c:\windows\system32\iuenginenew.dll 2009-02-11 22:28 . 2009-02-11 22:28 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\DivX 2009-02-11 22:15 . 2003-12-08 11:53 70,688 --a------ c:\windows\system32\drivers\alcaudsl.sys 2009-02-11 22:15 . 2003-12-08 11:53 53,600 --a------ c:\windows\system32\drivers\alcan5wn.sys 2009-02-11 22:15 . 2003-12-08 11:53 5,606 --a------ c:\windows\system32\stci.dll 2009-02-11 22:15 . 2003-12-08 11:53 5,280 --a------ c:\windows\system32\drivers\alcawh.sys 2009-02-11 22:15 . 2003-12-08 11:53 3,968 --a------ c:\windows\system32\drivers\alcacr.sys 2009-02-11 22:14 . 2009-02-11 22:14 <REP> d-------- c:\program files\Wanadoo Messager 2009-02-11 22:14 . 2003-12-12 14:59 32,768 --a------ c:\windows\system32\ffJmpWeb.dll 2009-02-11 21:18 . 2003-01-02 06:30 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\WINDOWS 2009-02-11 21:18 . 2003-01-02 06:30 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\WINDOWS 2009-02-11 21:18 . 2003-01-02 05:29 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Voisinage réseau 2009-02-11 21:18 . 2003-01-02 05:29 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Voisinage réseau 2009-02-11 21:18 . 2003-01-02 05:29 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Voisinage d'impression 2009-02-11 21:18 . 2003-01-02 05:29 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Voisinage d'impression 2009-02-11 21:18 . 2009-02-11 21:18 <REP> d---s---- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\UserData 2009-02-11 21:18 . 2009-02-11 21:18 <REP> d---s---- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\UserData 2009-02-11 21:18 . 2009-02-11 21:18 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Modèles 2009-02-11 21:18 . 2009-02-11 21:18 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Modèles 2009-02-11 21:18 . 2009-02-28 14:55 <REP> dra------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Mes documents 2009-02-11 21:18 . 2009-02-28 14:55 <REP> dra------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Mes documents 2009-02-11 21:18 . 2009-02-11 21:27 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer 2009-02-11 21:18 . 2009-02-11 21:27 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer 2009-02-11 21:18 . 2009-02-28 23:18 <REP> dra------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Favoris 2009-02-11 21:18 . 2009-02-28 23:18 <REP> dra------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Favoris 2009-02-11 21:18 . 2009-03-01 16:30 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau 2009-02-11 21:18 . 2009-03-01 16:30 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau 2009-02-11 21:18 . 2004-12-22 13:43 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Zylom 2009-02-11 21:18 . 2003-12-03 10:25 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\VERITAS 2009-02-11 21:18 . 2003-01-02 08:27 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Symantec 2009-02-11 21:18 . 2003-01-02 06:28 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Sonic 2009-02-11 21:18 . 2003-01-02 06:33 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\SampleView 2009-02-11 21:18 . 2009-02-14 09:53 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\MSN6 2009-02-11 21:18 . 2003-09-08 17:47 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\InterVideo 2009-02-11 21:18 . 2003-01-02 06:29 <REP> d-a------ c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\InterTrust 2009-02-11 21:18 . 2003-08-16 19:20 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Hewlett-Packard 2009-02-11 21:18 . 2003-08-17 08:15 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\ArcSoft 2009-02-11 21:18 . 2004-06-13 08:07 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\ACD Systems 2009-02-11 21:17 . 2009-02-11 21:38 <REP> d-------- c:\documents and settings\Propriétaire.NOM-Y40BV9AST51.000 2009-02-11 20:59 . 2002-08-29 11:33 52,736 --a------ c:\windows\system32\drivers\i8042prt.sys 2009-02-11 20:59 . 2002-08-29 11:35 24,064 --a------ c:\windows\system32\drivers\kbdclass.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-28 15:41 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-28 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-28 07:46 --------- d-----w c:\program files\Common Files 2009-02-15 12:11 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-14 14:47 --------- d-----w c:\program files\Shareaza 2009-02-14 14:44 --------- d-----w c:\program files\eMule 2009-02-14 14:40 --------- d-----w c:\documents and settings\Propriétaire.NOM-Y40BV9AST51\Application Data\Shareaza 2009-02-14 08:48 --------- d-----w c:\program files\Wanadoo 2009-02-14 08:39 --------- d---a-w c:\program files\Easy Internet signup 2009-02-11 22:06 --------- d---a-w c:\program files\Fichiers communs\Symantec Shared 2009-02-11 22:06 --------- d---a-w c:\documents and settings\All Users\Application Data\Symantec 2009-02-11 22:05 --------- d---a-w c:\program files\Symantec 2009-02-11 21:15 --------- d-----w c:\program files\Thomson 2009-02-11 21:14 --------- d-----w c:\program files\Messager Wanadoo 2009-02-11 20:32 4,114 --sha-r c:\windows\system32\drivers\HP_DM001A-ABF a248_YC_Pavi_QCZB330_E33FRheBLF1_4_IA7N8X-LA_SASUSTeK Computer INC._VRev 1.xx_B3.03_T030627_W1_L40C_M256_J80_7AMD_8Athlon XP 2400+_92_110DE006E_N10DE0066_P_Z_K_A10DE006A_U10DE0067_G10025961.MRK 2009-02-11 19:56 724,992 ----a-w c:\windows\iun6002.exe 2009-01-25 16:34 --------- d-----w c:\documents and settings\Propriétaire.NOM-Y40BV9AST51\Application Data\PlayFirst 2009-01-25 16:34 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2009-01-10 10:47 --------- d-----w c:\program files\Google 2009-01-03 15:53 --------- d-----w c:\documents and settings\Propriétaire.NOM-Y40BV9AST51\Application Data\cerasus.media 2007-09-22 12:35 62,848 ----a-w c:\documents and settings\Propriétaire.NOM-Y40BV9AST51\Application Data\GDIPFONTCACHEV1.DAT 2006-06-25 11:50 1,793 ----a-w c:\windows\inf\SETD6.tmp 2004-11-04 14:09 60,872 ----a-w c:\windows\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT 2004-11-04 14:09 60,872 ----a-w c:\documents and settings\Default User\Application Data\GDIPFONTCACHEV1.DAT 2001-06-06 18:31 150,238 ----a-w c:\program files\wdTOC10.CHM 2001-06-06 18:30 93,643 ----a-w c:\program files\fpTOC10.CHM 2001-06-06 18:30 77,110 ----a-w c:\program files\pbTOC10.CHM 2001-06-06 18:30 114,261 ----a-w c:\program files\olTOC10.CHM 2001-06-06 18:30 110,592 ----a-w c:\program files\ppTOC10.CHM 2001-06-06 18:29 207,673 ----a-w c:\program files\ACTOC10.CHM 2001-06-06 18:28 154,461 ----a-w c:\program files\xlTOC10.CHM 2001-05-07 14:54 380,432 ----a-r c:\program files\xlow10.aw 2001-05-07 14:54 341,112 ----a-r c:\program files\wdow10.aw 2001-05-07 14:54 317,335 ----a-r c:\program files\ppow10.aw 2001-05-07 14:54 135,594 ----a-r c:\program files\pbow10.aw 2001-05-07 14:53 361,233 ----a-r c:\program files\fpow10.aw 2001-05-07 14:53 304,348 ----a-r c:\program files\acow10.aw 2001-05-07 14:53 300,824 ----a-r c:\program files\olow10.aw . ------- Sigcheck ------- 2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\ip6fw.sys 2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-21 1511453] "NVIEW"="nview.dll" [2003-03-04 c:\windows\system32\nview.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "StorageGuard"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-04 4595712] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392] "ShowShifter TVTV EPG Daemon"="c:\program files\Home Media Networks Limited\ShowShifter\TVTVD.exe" [2003-04-24 50247] "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920] "WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2004-10-13 24576] "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-10-13 24576] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 c:\windows\system32\Ati2mdxx.exe] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ Calc.exe [2005-01-24 471040] c:\windows\system32\config\systemprofile\Menu D‚marrer\Programmes\D‚marrage\ Calc.exe [2005-01-24 471040] c:\documents and settings\Propri‚taire.NOM-Y40BV9AST51.000\Menu D‚marrer\Programmes\D‚marrage\ Calc.exe [2005-01-24 471040] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 17:10:04 238080] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= pvmjpg20.dll R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-02-26 22336] R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-02-26 45376] . Contenu du dossier 'Tâches planifiées' 2009-02-14 c:\windows\Tasks\Connexion facile à Internet.job - c:\program files\Easy Internet signup\HPSdpApp.exe [2003-03-12 07:34] 2009-03-01 c:\windows\Tasks\LiveUpdate.job - c:\progra~1\Symantec\LIVEUP~1\LUAll.exe [2002-08-20 06:07] 2009-02-28 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.orange.fr/ IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-01 16:45:51 Windows 5.1.2600 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(652) c:\windows\System32\ODBC32.dll c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll - - - - - - - > 'lsass.exe'(708) c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll c:\windows\System32\dssenh.dll . Heure de fin: 2009-03-01 16:53:55 ComboFix-quarantined-files.txt 2009-03-01 15:53:52 Avant-CF: 2 825 232 384 octets libres Après-CF: 3,922,202,624 octets libres 211
-
Bonsoir, le message restore fixe est réapparu, il est vraiment tenace.
-
Jusqu'à présent les messages restore fix et regrenew ne sont pas réapparus. Je vous dis un grand merci pour votre aide et votre patience.
-
le dernier fichier .log ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== C:\WINDOWS\is-FPM8I.exe moved successfully. C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Microsoft Windows Installer 3.1\mWinRun.dll\unicode moved successfully. C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Microsoft Windows Installer 3.1\mWinRun.dll\ansi moved successfully. C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Microsoft Windows Installer 3.1\mWinRun.dll moved successfully. C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Microsoft Windows Installer 3.1 moved successfully. C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\E63E34A7 not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_164831
-
Voilà les 2 rapports, Logfile of random's system information tool 1.05 (written by random/random) Run by Propriétaire at 2009-02-28 14:31:25 Microsoft Windows XP Édition familiale Service Pack 1 System drive C: has 4 GB (5%) free of 72 GB Total RAM: 255 MB (28% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:31:51, on 28/02/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer\Programmes\Démarrage\Calc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE c:\Program Files\Microsoft Works\MSWorks.exe C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Propriétaire.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [showShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [E63E34A7] c:\docume~1\propri~1.000\locals~1\tempor~1\content.ie5\ux4ryx25\cbaffr~1.exe /m="C:\DOCUME~1\PROPRI~1.000\LOCALS~1\TEMPOR~1\Content.IE5\UX4RYX25\CBAFFR~1.EXE" /k="" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [spybotDeletingA9539] command.com /c del "C:\WINDOWS\wt\WDInUsePlugin.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC6418] cmd.exe /c del "C:\WINDOWS\wt\WDInUsePlugin.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA2675] command.com /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC102] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA8981] command.com /c del "C:\WINDOWS\wt\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingC3688] cmd.exe /c del "C:\WINDOWS\wt\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingA5672] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC8875] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA6432] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5478] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4748] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5482] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA9123] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC4129] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA6280] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC2970] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4015] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKLM\..\RunOnce: [spybotDeletingC2245] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKLM\..\RunOnce: [spybotDeletingA6097] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC1915] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA3864] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC749] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA7606] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKLM\..\RunOnce: [spybotDeletingC7971] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKLM\..\RunOnce: [spybotDeletingA5340] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5214] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA2240] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5401] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA7396] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKLM\..\RunOnce: [spybotDeletingC7478] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKLM\..\RunOnce: [spybotDeletingA2612] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKLM\..\RunOnce: [spybotDeletingC7177] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKLM\..\RunOnce: [spybotDeletingA1397] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKLM\..\RunOnce: [spybotDeletingC8145] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKLM\..\RunOnce: [spybotDeletingA5415] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC2718] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA3075] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKLM\..\RunOnce: [spybotDeletingC8780] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKLM\..\RunOnce: [spybotDeletingA8156] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC1474] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA3571] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC104] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4504] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html" O4 - HKLM\..\RunOnce: [spybotDeletingC8164] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html" O4 - HKLM\..\RunOnce: [spybotDeletingA9519] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingC1572] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingA6583] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingC1500] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingA6267] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC9654] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA5576] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC4134] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4768] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC8868] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar" O4 - HKLM\..\RunOnce: [spybotDeletingA3125] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC7090] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA7690] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC6368] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA1657] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKLM\..\RunOnce: [spybotDeletingC6101] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKLM\..\RunOnce: [spybotDeletingA9537] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5707] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA6355] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC185] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4351] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC7985] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA1609] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded" O4 - HKLM\..\RunOnce: [spybotDeletingC1227] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded" O4 - HKLM\..\RunOnce: [spybotDeletingA1437] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5943] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA7281] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingC5648] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingA3245] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingC9104] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingA571] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingC5696] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingA9629] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC11] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA9138] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar" O4 - HKLM\..\RunOnce: [spybotDeletingC5041] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar" O4 - HKLM\..\RunOnce: [spybotDeletingA1700] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini" O4 - HKLM\..\RunOnce: [spybotDeletingC9956] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini" O4 - HKLM\..\RunOnce: [spybotDeletingA5428] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe" O4 - HKLM\..\RunOnce: [spybotDeletingC7813] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe" O4 - HKLM\..\RunOnce: [spybotDeletingA7317] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC5957] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA3484] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC74] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA7871] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar" O4 - HKLM\..\RunOnce: [spybotDeletingA6677] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC9781] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4446] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax" O4 - HKLM\..\RunOnce: [spybotDeletingC6572] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax" O4 - HKLM\..\RunOnce: [spybotDeletingA9407] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini" O4 - HKLM\..\RunOnce: [spybotDeletingC6713] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini" O4 - HKLM\..\RunOnce: [spybotDeletingA3186] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html" O4 - HKLM\..\RunOnce: [spybotDeletingC4259] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html" O4 - HKLM\..\RunOnce: [spybotDeletingA1490] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingC1300] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingA2710] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC3742] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA4080] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll" O4 - HKLM\..\RunOnce: [spybotDeletingC4051] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll" O4 - HKLM\..\RunOnce: [spybotDeletingA9148] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingC2349] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingA9657] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingC6448] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKLM\..\RunOnce: [spybotDeletingA6087] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingC877] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKLM\..\RunOnce: [spybotDeletingA6968] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKLM\..\RunOnce: [spybotDeletingC6978] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [spybotDeletingD2466] cmd.exe /c del "C:\WINDOWS\wt\WDInUsePlugin.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB4210] command.com /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD6553] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB8072] command.com /c del "C:\WINDOWS\wt\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingD6423] cmd.exe /c del "C:\WINDOWS\wt\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingB2985] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD4633] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB546] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD1641] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB7273] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9144] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB9044] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD3006] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB9568] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD8336] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB347] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKCU\..\RunOnce: [spybotDeletingD3474] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKCU\..\RunOnce: [spybotDeletingB9214] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD6198] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB448] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9574] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB7787] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKCU\..\RunOnce: [spybotDeletingD2776] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKCU\..\RunOnce: [spybotDeletingB7923] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD2976] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB6243] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD6774] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB811] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKCU\..\RunOnce: [spybotDeletingD9745] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKCU\..\RunOnce: [spybotDeletingB6524] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKCU\..\RunOnce: [spybotDeletingD3888] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKCU\..\RunOnce: [spybotDeletingB1833] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKCU\..\RunOnce: [spybotDeletingD8334] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKCU\..\RunOnce: [spybotDeletingB8204] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD1285] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB3891] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKCU\..\RunOnce: [spybotDeletingD8113] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKCU\..\RunOnce: [spybotDeletingB3796] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD5832] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB766] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9398] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB285] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html" O4 - HKCU\..\RunOnce: [spybotDeletingD8008] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html" O4 - HKCU\..\RunOnce: [spybotDeletingB1742] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingD4299] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingB4204] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingD3967] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingB3318] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD693] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB8151] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9103] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB6912] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD4609] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB3218] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9479] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB9815] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD7059] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB287] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKCU\..\RunOnce: [spybotDeletingD3582] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKCU\..\RunOnce: [spybotDeletingB1481] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD5655] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB4512] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD7696] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB3500] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD2632] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB7655] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded" O4 - HKCU\..\RunOnce: [spybotDeletingD1806] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded" O4 - HKCU\..\RunOnce: [spybotDeletingB1594] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD8147] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB5940] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingD774] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingB2809] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingD444] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingB6698] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingD922] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingB4590] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD978] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB2280] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar" O4 - HKCU\..\RunOnce: [spybotDeletingD718] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar" O4 - HKCU\..\RunOnce: [spybotDeletingB6903] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini" O4 - HKCU\..\RunOnce: [spybotDeletingD5560] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini" O4 - HKCU\..\RunOnce: [spybotDeletingB6219] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe" O4 - HKCU\..\RunOnce: [spybotDeletingD8174] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe" O4 - HKCU\..\RunOnce: [spybotDeletingB2530] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD8250] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB1281] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD9465] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB3457] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar" O4 - HKCU\..\RunOnce: [spybotDeletingD1630] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar" O4 - HKCU\..\RunOnce: [spybotDeletingB7531] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD516] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB7475] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax" O4 - HKCU\..\RunOnce: [spybotDeletingD7694] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax" O4 - HKCU\..\RunOnce: [spybotDeletingB2606] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini" O4 - HKCU\..\RunOnce: [spybotDeletingD116] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini" O4 - HKCU\..\RunOnce: [spybotDeletingB7811] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html" O4 - HKCU\..\RunOnce: [spybotDeletingD7751] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html" O4 - HKCU\..\RunOnce: [spybotDeletingB4785] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingD3299] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingB6536] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD8620] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB7724] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll" O4 - HKCU\..\RunOnce: [spybotDeletingD386] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll" O4 - HKCU\..\RunOnce: [spybotDeletingB9268] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingD7583] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingB2903] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingD7482] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKCU\..\RunOnce: [spybotDeletingB9001] command.com /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingD5354] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKCU\..\RunOnce: [spybotDeletingB8967] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKCU\..\RunOnce: [spybotDeletingD2055] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: Calc.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Calc.exe (User 'Default user') O4 - Startup: Calc.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234554818921 O17 - HKLM\System\CCS\Services\Tcpip\..\{86DD5CC7-1D75-4A4F-B8AB-661D280F5383}: NameServer = 81.253.149.1 80.10.246.3 O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 33435 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Connexion facile à Internet.job C:\WINDOWS\tasks\LiveUpdate.job C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-03 37808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}] c:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-10 251504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-11 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-10 522224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-10 251504] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-11-19 848656] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736] "ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-05 28672] "KBD"=C:\HP\KBD\KBD.EXE [2003-02-12 61440] "StorageGuard"=C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2003-02-13 155648] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-12 114688] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-03-04 4595712] "nwiz"=nwiz.exe /installquiet /keeploaded /nodetect [] "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2003-04-04 50176] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-02-28 315392] "ShowShifter TVTV EPG Daemon"=C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe [2003-04-24 50247] "PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920] "WooCnxMon"=C:\PROGRA~1\Wanadoo\CnxMon.exe [2004-10-13 24576] "WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-10-13 24576] "WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\TaskbarIcon.exe [2004-10-13 49152] "SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816] "E63E34A7"=c:\docume~1\propri~1.000\locals~1\tempor~1\content.ie5\ux4ryx25\cbaffr~1.exe /m=C:\DOCUME~1\PROPRI~1.000\LOCALS~1\TEMPOR~1\Content.IE5\UX4RYX25\CBAFFR~1.EXE /k= [] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504] "SpybotDeletingA9539"=command.com /c del C:\WINDOWS\wt\WDInUsePlugin.dll [] "SpybotDeletingC6418"=cmd.exe /c del C:\WINDOWS\wt\WDInUsePlugin.dll [] "SpybotDeletingA2675"=command.com /c del C:\WINDOWS\wt\webdriver.dll [] "SpybotDeletingC102"=cmd.exe /c del C:\WINDOWS\wt\webdriver.dll [] "SpybotDeletingA8981"=command.com /c del C:\WINDOWS\wt\data.wts [] "SpybotDeletingC3688"=cmd.exe /c del C:\WINDOWS\wt\data.wts [] "SpybotDeletingA5672"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll [] "SpybotDeletingC8875"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll [] "SpybotDeletingA6432"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll [] "SpybotDeletingC5478"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll [] "SpybotDeletingA4748"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll [] "SpybotDeletingC5482"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll [] "SpybotDeletingA9123"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll [] "SpybotDeletingC4129"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll [] "SpybotDeletingA6280"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\sound.dll [] "SpybotDeletingC2970"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\sound.dll [] "SpybotDeletingA4015"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded [] "SpybotDeletingC2245"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded [] "SpybotDeletingA6097"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll [] "SpybotDeletingC1915"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll [] "SpybotDeletingA3864"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll [] "SpybotDeletingC749"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll [] "SpybotDeletingA7606"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe [] "SpybotDeletingC7971"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe [] "SpybotDeletingA5340"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll [] "SpybotDeletingC5214"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll [] "SpybotDeletingA2240"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll [] "SpybotDeletingC5401"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll [] "SpybotDeletingA7396"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar [] "SpybotDeletingC7478"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar [] "SpybotDeletingA2612"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax [] "SpybotDeletingC7177"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax [] "SpybotDeletingA1397"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini [] "SpybotDeletingC8145"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini [] "SpybotDeletingA5415"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll [] "SpybotDeletingC2718"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll [] "SpybotDeletingA3075"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar [] "SpybotDeletingC8780"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar [] "SpybotDeletingA8156"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll [] "SpybotDeletingC1474"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll [] "SpybotDeletingA3571"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll [] "SpybotDeletingC104"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll [] "SpybotDeletingA4504"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html [] "SpybotDeletingC8164"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html [] "SpybotDeletingA9519"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo [] "SpybotDeletingC1572"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo [] "SpybotDeletingA6583"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas [] "SpybotDeletingC1500"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas [] "SpybotDeletingA6267"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll [] "SpybotDeletingC9654"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll [] "SpybotDeletingA5576"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll [] "SpybotDeletingC4134"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll [] "SpybotDeletingA4768"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll [] "SpybotDeletingC8868"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar [] "SpybotDeletingA3125"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll [] "SpybotDeletingC7090"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll [] "SpybotDeletingA7690"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll [] "SpybotDeletingC6368"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll [] "SpybotDeletingA1657"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt [] "SpybotDeletingC6101"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt [] "SpybotDeletingA9537"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll [] "SpybotDeletingC5707"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll [] "SpybotDeletingA6355"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll [] "SpybotDeletingC185"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll [] "SpybotDeletingA4351"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll [] "SpybotDeletingC7985"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll [] "SpybotDeletingA1609"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded [] "SpybotDeletingC1227"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded [] "SpybotDeletingA1437"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll [] "SpybotDeletingC5943"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll [] "SpybotDeletingA7281"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo [] "SpybotDeletingC5648"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo [] "SpybotDeletingA3245"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas [] "SpybotDeletingC9104"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas [] "SpybotDeletingA571"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas [] "SpybotDeletingC5696"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas [] "SpybotDeletingA9629"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll [] "SpybotDeletingC11"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll [] "SpybotDeletingA9138"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar [] "SpybotDeletingC5041"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar [] "SpybotDeletingA1700"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini [] "SpybotDeletingC9956"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini [] "SpybotDeletingA5428"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe [] "SpybotDeletingC7813"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe [] "SpybotDeletingA7317"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll [] "SpybotDeletingC5957"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll [] "SpybotDeletingA3484"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll [] "SpybotDeletingC74"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll [] "SpybotDeletingA7871"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar [] "SpybotDeletingA6677"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll [] "SpybotDeletingC9781"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll [] "SpybotDeletingA4446"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax [] "SpybotDeletingC6572"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax [] "SpybotDeletingA9407"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini [] "SpybotDeletingC6713"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini [] "SpybotDeletingA3186"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html [] "SpybotDeletingC4259"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html [] "SpybotDeletingA1490"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts [] "SpybotDeletingC1300"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NVIEW"=C:\WINDOWS\system32\nview.dll [2003-03-04 831557] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2002-08-21 1511453] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingD2466"=cmd.exe /c del C:\WINDOWS\wt\WDInUsePlugin.dll [] "SpybotDeletingB4210"=command.com /c del C:\WINDOWS\wt\webdriver.dll [] "SpybotDeletingD6553"=cmd.exe /c del C:\WINDOWS\wt\webdriver.dll [] "SpybotDeletingB8072"=command.com /c del C:\WINDOWS\wt\data.wts [] "SpybotDeletingD6423"=cmd.exe /c del C:\WINDOWS\wt\data.wts [] "SpybotDeletingB2985"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll [] "SpybotDeletingD4633"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll [] "SpybotDeletingB546"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll [] "SpybotDeletingD1641"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll [] "SpybotDeletingB7273"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll [] "SpybotDeletingD9144"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll [] "SpybotDeletingB9044"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll [] "SpybotDeletingD3006"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll [] "SpybotDeletingB9568"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\sound.dll [] "SpybotDeletingD8336"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\sound.dll [] "SpybotDeletingB347"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded [] "SpybotDeletingD3474"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded [] "SpybotDeletingB9214"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll [] "SpybotDeletingD6198"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll [] "SpybotDeletingB448"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll [] "SpybotDeletingD9574"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll [] "SpybotDeletingB7787"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe [] "SpybotDeletingD2776"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe [] "SpybotDeletingB7923"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll [] "SpybotDeletingD2976"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll [] "SpybotDeletingB6243"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll [] "SpybotDeletingD6774"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll [] "SpybotDeletingB811"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar [] "SpybotDeletingD9745"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar [] "SpybotDeletingB6524"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax [] "SpybotDeletingD3888"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax [] "SpybotDeletingB1833"=command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini [] "SpybotDeletingD8334"=cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini [] "SpybotDeletingB8204"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll [] "SpybotDeletingD1285"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll [] "SpybotDeletingB3891"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar [] "SpybotDeletingD8113"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar [] "SpybotDeletingB3796"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll [] "SpybotDeletingD5832"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll [] "SpybotDeletingB766"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll [] "SpybotDeletingD9398"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll [] "SpybotDeletingB285"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html [] "SpybotDeletingD8008"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html [] "SpybotDeletingB1742"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo [] "SpybotDeletingD4299"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo [] "SpybotDeletingB4204"=command.com /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas [] "SpybotDeletingD3967"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas [] "SpybotDeletingB3318"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll [] "SpybotDeletingD693"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll [] "SpybotDeletingB8151"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll [] "SpybotDeletingD9103"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll [] "SpybotDeletingB6912"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll [] "SpybotDeletingD4609"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll [] "SpybotDeletingB3218"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll [] "SpybotDeletingD9479"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll [] "SpybotDeletingB9815"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll [] "SpybotDeletingD7059"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll [] "SpybotDeletingB287"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt [] "SpybotDeletingD3582"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt [] "SpybotDeletingB1481"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll [] "SpybotDeletingD5655"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll [] "SpybotDeletingB4512"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll [] "SpybotDeletingD7696"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll [] "SpybotDeletingB3500"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll [] "SpybotDeletingD2632"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll [] "SpybotDeletingB7655"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded [] "SpybotDeletingD1806"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded [] "SpybotDeletingB1594"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll [] "SpybotDeletingD8147"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll [] "SpybotDeletingB5940"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo [] "SpybotDeletingD774"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo [] "SpybotDeletingB2809"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas [] "SpybotDeletingD444"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas [] "SpybotDeletingB6698"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas [] "SpybotDeletingD922"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas [] "SpybotDeletingB4590"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll [] "SpybotDeletingD978"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll [] "SpybotDeletingB2280"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar [] "SpybotDeletingD718"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar [] "SpybotDeletingB6903"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini [] "SpybotDeletingD5560"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini [] "SpybotDeletingB6219"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe [] "SpybotDeletingD8174"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe [] "SpybotDeletingB2530"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll [] "SpybotDeletingD8250"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll [] "SpybotDeletingB1281"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll [] "SpybotDeletingD9465"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll [] "SpybotDeletingB3457"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar [] "SpybotDeletingD1630"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar [] "SpybotDeletingB7531"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll [] "SpybotDeletingD516"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll [] "SpybotDeletingB7475"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax [] "SpybotDeletingD7694"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax [] "SpybotDeletingB2606"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini [] "SpybotDeletingD116"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini [] "SpybotDeletingB7811"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html [] "SpybotDeletingD7751"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html [] "SpybotDeletingB4785"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts [] "SpybotDeletingD3299"=cmd.exe /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts [] "SpybotDeletingB6536"=command.com /c del C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer\Programmes\Démarrage Calc.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2003-03-12 315392] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-02-28 14:31:25 ----D---- C:\rsit 2009-02-27 21:11:38 ----A---- C:\WINDOWS\is-FPM8I.exe 2009-02-26 19:26:10 ----D---- C:\Program Files\Avira 2009-02-26 19:26:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-02-26 14:35:18 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-26 11:49:25 ----D---- C:\ToolBar SD 2009-02-15 13:11:35 ----D---- C:\DriveKey 2009-02-15 12:37:41 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2009-02-14 15:47:46 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Shareaza 2009-02-14 15:17:29 ----D---- C:\WINDOWS\LastGood 2009-02-14 14:44:09 ----D---- C:\Program Files\Duplicate Cleaner 2009-02-13 23:08:22 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier 2009-02-13 23:06:35 ----D---- C:\WINDOWS\System32\ZoneLabs 2009-02-13 23:05:24 ----D---- C:\WINDOWS\Internet Logs 2009-02-13 21:49:53 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Malwarebytes 2009-02-13 21:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-13 21:49:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-13 21:30:04 ----D---- C:\Program Files\Trend Micro 2009-02-13 21:23:52 ----RA---- C:\WINDOWS\System32\HPZc3212.dll 2009-02-13 21:23:51 ----RA---- C:\WINDOWS\System32\hpovst08.dll 2009-02-13 21:23:50 ----RA---- C:\WINDOWS\System32\hpotscl.dll 2009-02-13 21:23:50 ----RA---- C:\WINDOWS\System32\hpgwiamd.dll 2009-02-13 20:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB832353$ 2009-02-13 20:35:52 ----D---- C:\WINDOWS\LastGood.Tmp 2009-02-12 13:30:55 ----D---- C:\WUTemp 2009-02-12 13:30:12 ----A---- C:\WINDOWS\System32\iuenginenew.dll 2009-02-11 23:18:36 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Google 2009-02-11 22:28:45 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\DivX 2009-02-11 22:15:26 ----A---- C:\WINDOWS\System32\stci.dll 2009-02-11 22:14:32 ----A---- C:\WINDOWS\System32\ffJmpWeb.dll 2009-02-11 22:14:31 ----D---- C:\Program Files\Wanadoo Messager 2009-02-11 21:37:34 ----RASH---- C:\BOOT.BAK 2009-02-11 21:35:56 ----RSHD---- C:\cmdcons 2009-02-11 21:18:14 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\InterVideo 2009-02-11 21:18:14 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Hewlett-Packard 2009-02-11 21:18:14 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Help 2009-02-11 21:18:14 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\ArcSoft 2009-02-11 21:18:14 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\ACD Systems 2009-02-11 21:18:14 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\InterTrust 2009-02-11 21:18:14 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Identities 2009-02-11 21:18:14 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Adobe 2009-02-11 21:18:13 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Macromedia 2009-02-11 21:18:12 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Zylom 2009-02-11 21:18:12 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\VERITAS 2009-02-11 21:18:12 ----D---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\MSN6 2009-02-11 21:18:12 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Symantec 2009-02-11 21:18:12 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Sonic 2009-02-11 21:18:12 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\SampleView 2009-02-11 21:18:12 ----AD---- C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Application Data\Microsoft 2009-02-11 20:58:46 ----HDC---- C:\WINDOWS\$NtUninstallQ811789$ 2009-02-11 20:56:19 ----HDC---- C:\WINDOWS\$NtUninstallQ331958$ 2009-02-11 20:56:07 ----HDC---- C:\WINDOWS\$NtUninstallQ329909$ 2009-02-11 20:55:56 ----HDC---- C:\WINDOWS\$NtUninstallq329256$ 2009-02-06 12:35:56 ----A---- C:\WINDOWS\System32\LegitCheckControl.DLL ======List of files/folders modified in the last 1 months====== 2009-02-28 14:31:19 ----D---- C:\WINDOWS\Prefetch 2009-02-28 14:30:15 ----AD---- C:\WINDOWS\Temp 2009-02-28 09:29:15 ----AD---- C:\WINDOWS\Tasks 2009-02-28 08:46:58 ----A---- C:\WINDOWS\wininit.ini 2009-02-28 08:46:30 ----AD---- C:\WINDOWS 2009-02-28 08:46:19 ----AD---- C:\WINDOWS\Downloaded Program Files 2009-02-28 08:46:18 ----AD---- C:\Program Files 2009-02-28 08:12:48 ----AD---- C:\WINDOWS\system32 2009-02-27 21:49:29 ----AD---- C:\WINDOWS\System32\drivers 2009-02-27 21:25:29 ----AD---- C:\WINDOWS\System32\CatRoot2 2009-02-27 21:21:44 ----AD---- C:\WINDOWS\Debug 2009-02-27 21:21:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-27 21:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-27 20:56:18 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-02-26 14:40:33 ----D---- C:\temp 2009-02-26 10:57:47 ----AD---- C:\WINDOWS\System32\FxsTmp 2009-02-16 21:56:42 ----D---- C:\WINDOWS\Minidump 2009-02-15 13:11:34 ----HD---- C:\Program Files\InstallShield Installation Information 2009-02-15 12:48:33 ----A---- C:\WINDOWS\imsins.BAK 2009-02-15 12:48:27 ----HD---- C:\WINDOWS\inf 2009-02-15 12:46:48 ----AD---- C:\WINDOWS\System32\CatRoot 2009-02-15 12:46:31 ----ADC---- C:\WINDOWS\System32\dllcache 2009-02-15 12:43:16 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ 2009-02-14 15:47:49 ----D---- C:\Program Files\Shareaza 2009-02-14 15:44:10 ----D---- C:\Program Files\eMule 2009-02-14 14:47:49 ----SHD---- C:\WINDOWS\Installer 2009-02-14 14:47:39 ----SHD---- C:\Config.Msi 2009-02-14 13:00:59 ----D---- C:\unzipped 2009-02-14 09:48:50 ----D---- C:\Program Files\Wanadoo 2009-02-14 09:39:57 ----AD---- C:\Program Files\Easy Internet signup 2009-02-13 21:23:51 ----AD---- C:\WINDOWS\twain_32 2009-02-13 21:13:53 ----AD---- C:\WINDOWS\security 2009-02-13 21:09:08 ----AD---- C:\WINDOWS\RegisteredPackages 2009-02-13 21:09:06 ----AD---- C:\Program Files\Windows Media Player 2009-02-13 21:08:32 ----AD---- C:\WINDOWS\Help 2009-02-13 20:59:39 ----D---- C:\WINDOWS\SoftwareDistribution 2009-02-12 03:57:04 ----AD---- C:\WINDOWS\CREATOR 2009-02-12 03:57:01 ----AD---- C:\WINDOWS\system 2009-02-12 03:53:37 ----AD---- C:\WINDOWS\System32\wbem 2009-02-12 03:53:27 ----AD---- C:\WINDOWS\System32\usmt 2009-02-12 03:53:08 ----AD---- C:\WINDOWS\System32\ras 2009-02-12 03:53:02 ----AD---- C:\WINDOWS\System32\oobe 2009-02-12 03:52:49 ----AD---- C:\WINDOWS\System32\npp 2009-02-12 03:52:21 ----AD---- C:\WINDOWS\System32\icsxml 2009-02-12 03:52:21 ----AD---- C:\WINDOWS\System32\ias 2009-02-12 03:50:21 ----AD---- C:\WINDOWS\System32\Setup 2009-02-12 03:50:20 ----AD---- C:\WINDOWS\System32\Restore 2009-02-12 03:50:16 ----AD---- C:\WINDOWS\System32\Com 2009-02-12 03:50:13 ----AD---- C:\WINDOWS\srchasst 2009-02-12 03:50:09 ----AD---- C:\WINDOWS\msagent 2009-02-12 03:50:08 ----AD---- C:\WINDOWS\ime 2009-02-12 03:50:07 ----RD---- C:\WINDOWS\Web 2009-02-12 03:50:07 ----AD---- C:\WINDOWS\addins 2009-02-12 03:50:05 ----AD---- C:\WINDOWS\Media 2009-02-12 03:49:44 ----AD---- C:\WINDOWS\Cursors 2009-02-12 03:49:40 ----AD---- C:\WINDOWS\AppPatch 2009-02-12 03:49:39 ----AD---- C:\Program Files\Windows NT 2009-02-12 03:49:35 ----AD---- C:\Program Files\Outlook Express 2009-02-12 03:49:35 ----AD---- C:\Program Files\NetMeeting 2009-02-12 03:49:33 ----AD---- C:\Program Files\Movie Maker 2009-02-12 03:49:32 ----AD---- C:\Program Files\Messenger 2009-02-12 03:49:27 ----AD---- C:\Program Files\Internet Explorer 2009-02-12 03:49:27 ----AD---- C:\Program Files\Fichiers communs\System 2009-02-12 03:49:23 ----AD---- C:\Program Files\Fichiers communs\Services 2009-02-12 03:49:05 ----AD---- C:\WINDOWS\Offline Web Pages 2009-02-12 03:49:02 ----AD---- C:\WINDOWS\assembly 2009-02-11 23:06:06 ----AD---- C:\Program Files\Fichiers communs\Symantec Shared 2009-02-11 23:06:06 ----AD---- C:\Documents and Settings\All Users\Application Data\Symantec 2009-02-11 23:05:31 ----AD---- C:\Program Files\Symantec 2009-02-11 22:26:02 ----SHD---- C:\RECYCLER 2009-02-11 22:21:56 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI 2009-02-11 22:15:23 ----D---- C:\Program Files\Thomson 2009-02-11 22:14:16 ----D---- C:\Program Files\Messager Wanadoo 2009-02-11 21:38:47 ----AHD---- C:\Program Files\WindowsUpdate 2009-02-11 21:38:00 ----RASH---- C:\boot.ini 2009-02-11 21:35:56 ----A---- C:\WINDOWS\UPGRADE.TXT 2009-02-11 21:35:29 ----D---- C:\WINDOWS\setup.pss 2009-02-11 21:33:12 ----A---- C:\WINDOWS\OEWABLog.txt 2009-02-11 21:17:49 ----AD---- C:\Documents and Settings 2009-02-11 21:17:20 ----A---- C:\WINDOWS\setuplog.txt 2009-02-11 21:16:47 ----SHD---- C:\System Volume Information 2009-02-11 21:15:51 ----AD---- C:\WINDOWS\System32\config 2009-02-11 20:59:07 ----AD---- C:\WINDOWS\System32\ReinstallBackups 2009-02-11 20:57:13 ----RSD---- C:\WINDOWS\Fonts 2009-02-11 20:56:29 ----A---- C:\WINDOWS\iun6002.exe 2009-02-11 20:55:37 ----HDC---- C:\WINDOWS\$NtUninstallQ327979$ 2009-02-11 20:28:15 ----AD---- C:\WINDOWS\Registration 2009-02-11 20:27:14 ----A---- C:\WINDOWS\system.ini 2009-02-11 20:27:00 ----A---- C:\FINIS_IT.TXT 2009-02-11 20:26:58 ----HD---- C:\hp 2009-02-11 19:58:02 ----AD---- C:\WINDOWS\repair 2009-02-10 12:52:15 ----A---- C:\WINDOWS\ModemLog_Conexant HSF V92 56K PCI Modem.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2003-01-22 35328] R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-05-09 45376] R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600] R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-08 719244] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2003-01-22 57344] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-03-01 576512] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2003-01-22 57984] R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-24 80896] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856] R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-01-21 19328] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-01-21 51968] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-01-21 15744] R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288] S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496] S3 EL90XBC;Pilote de la carte EtherLink XL 90XB/C 3Com; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-18 66591] S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-03-04 1248794] S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2003-03-14 166528] S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-27 260736] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2003-01-21 21760] S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-01-21 19328] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2003-01-21 4736] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-03-04 65536] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2003-01-21 251392] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 137200] -----------------EOF----------------- info.txt logfile of random's system information tool 1.05 2009-02-28 14:31:58 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A} Connexion facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036 Correctif pour le Lecteur Windows Media [Voir KB832353 pour plus d'informations]-->C:\WINDOWS\$NtUninstallKB832353$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q329909-->C:\WINDOWS\$NtUninstallQ329909$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q811789-->C:\WINDOWS\$NtUninstallQ811789$\spuninst\spuninst.exe Duplicate Cleaner 1.3-->"C:\Program Files\Duplicate Cleaner\unins000.exe" Encyclopédie Microsoft Encarta 2003-->MsiExec.exe /I{03460014-3975-4267-9F39-1DC4745090B7} Extension Système de Microsoft Money-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7} EZface ActiveX 207-->C:\PROGRA~1\EZFace\ActiveX\uninst.bat 207 C:\PROGRA~1\EZFace\ActiveX Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall hp psc 1100 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1100 series HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL KBD-->C:\HP\KBD\KBD.EXE uninstalled Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework (French) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1036) Microsoft .NET Framework (French)-->MsiExec.exe /X{6B908BF7-A583-4962-B068-69657D87CD56} Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B} Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132} Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9} Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72} NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf Package du correctif Windows XP [voir q329256 pour plus de détails]-->C:\WINDOWS\$NtUninstallq329256$\spuninst\spuninst.exe Package du correctif Windows XP [voir Q331958 pour plus de détails]-->C:\WINDOWS\$NtUninstallQ331958$\spuninst\spuninst.exe PS2-->C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264} S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display' S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2' S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2' S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay' Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\ Shareaza 2.3.1.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe" Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log ShowBiz DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x40c ShowShifter-->C:\WINDOWS\iun6002.exe "C:\Program Files\Home Media Networks Limited\ShowShifter\Remove-ShowShifter.ini" Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe" Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG Wanadoo-->C:\PROGRA~1\Wanadoo\Shell.exe desinstall.shl Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com System event log Computer Name: NOM-Y40BV9AST51 Event Code: 20159 Message: La connexion à wanadoo adsl effectuée par l'utilisateur fti/7a72bey utilisant le périphérique ISDN11-0 a été déconnectée. Record Number: 360 Source Name: RemoteAccess Time Written: 20090213134246.000000+060 Event Type: Informations User: Computer Name: NOM-Y40BV9AST51 Event Code: 7036 Message: Le service Google Updater Service est entré dans l'état : arrêté. Record Number: 359 Source Name: Service Control Manager Time Written: 20090213131328.000000+060 Event Type: Informations User: Computer Name: NOM-Y40BV9AST51 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Google Updater Service. Record Number: 358 Source Name: Service Control Manager Time Written: 20090213131127.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: NOM-Y40BV9AST51 Event Code: 7036 Message: Le service Google Updater Service est entré dans l'état : en cours d'exécution. Record Number: 357 Source Name: Service Control Manager Time Written: 20090213131127.000000+060 Event Type: Informations User: Computer Name: NOM-Y40BV9AST51 Event Code: 20158 Message: L'utilisateur fti/7a72bey a établi une connexion à wanadoo adsl en utilisant le périphérique ISDN11-0. Record Number: 356 Source Name: RemoteAccess Time Written: 20090213131054.000000+060 Event Type: Informations User: Application event log Computer Name: NOM-Y40BV9AST51 Event Code: 1002 Message: Application bloquée WINWORD.EXE, version 10.0.4030.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 63 Source Name: Application Hang Time Written: 20090213215722.000000+060 Event Type: erreur User: Computer Name: NOM-Y40BV9AST51 Event Code: 1002 Message: Application bloquée , version 0.0.0.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Record Number: 62 Source Name: Application Hang Time Written: 20090213215312.000000+060 Event Type: erreur User: Computer Name: NOM-Y40BV9AST51 Event Code: 32068 Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Record Number: 61 Source Name: Microsoft Fax Time Written: 20090213212510.000000+060 Event Type: Avertissement User: Computer Name: NOM-Y40BV9AST51 Event Code: 32026 Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Record Number: 60 Source Name: Microsoft Fax Time Written: 20090213212510.000000+060 Event Type: Avertissement User: Computer Name: NOM-Y40BV9AST51 Event Code: 11728 Message: Produit : Microsoft Word 2002 -- La configuration s'est terminée correctement. Record Number: 59 Source Name: MsiInstaller Time Written: 20090213212126.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "PCToolsDir"=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hewlett-Packard\Outils de l'ordinateur HP Pavilion -----------------EOF-----------------
-
bonjour, voici le rapport de MBAM. Les 2 messages regrenew et restore fix apparaissent de temps en temps, j'ai du mal à comprendre. Une autre question : quelle conséquence des ports fermés ou ouverts sur un PC ? Merci Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1749 Windows 5.1.2600 Service Pack 1 28/02/2009 07:27:02 mbam-log-2009-02-28 (07-27-02).txt Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|) Eléments examinés: 266787 Temps écoulé: 2 hour(s), 37 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
-
Bonsoir, j'ai eu un bug sur mon pc et depuis une fenêtre apparaît en anglais pour un problème de sécurité avec le nom de restore fix. auparavant, c'était une fenêtre avec regrenew qui apparaissait. J'ai changé d'antivirus pour antivir mais rien ni fait, même en suivant les instructions de Megataupe, mode échec ..... Merci d'avance pour votre aide. Voici le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:15:40, on 26/02/2009 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Wanadoo\CnxMon.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Documents and Settings\Propriétaire.NOM-Y40BV9AST51.000\Menu Démarrer\Programmes\Démarrage\Calc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr8.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [showShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe" O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [E63E34A7] c:\docume~1\propri~1.000\locals~1\tempor~1\content.ie5\ux4ryx25\cbaffr~1.exe /m="C:\DOCUME~1\PROPRI~1.000\LOCALS~1\TEMPOR~1\Content.IE5\UX4RYX25\CBAFFR~1.EXE" /k="" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: Calc.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Calc.exe (User 'Default user') O4 - .DEFAULT User Startup: Calc.exe (User 'Default user') O4 - Startup: Calc.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1234554818921 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6239 bytes